Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: Is this Roles?

Re: Is this Roles?

From: Sybrand Bakker <sybrandb_at_hccnet.nl>
Date: Mon, 04 Oct 2004 13:25:25 +0200
Message-ID: <lkc2m0l0d73pg56d8nsbqr3mvgu4n0fcsj@4ax.com> 





On 4 Oct 2004 03:53:06 -0700, rmorea_at_satx.rr.com (Craig Morea) wrote:



>Hi,

>

>I am a non-technical manager who needs to understand technical issues

>concerning database management (probably mostly Oracle) well enough to

>know what the tech-guys are talking about.  If I can understand how it

>all works at the flowchart model level, it is not necessary that I

>understand how to code it.  I apologize if this question is in the

>wrong place and would accept redirection if that is appropriate.

>

>The main issue I need to understand is a variation on roles-based

>access.  There is quite a bit of information available on how systems

>use roles to grant or limit permissions, but I have not found what I

>am looking for.  Since many examples focus on hospitals, I will make

>my example along the same lines:

>

>The general assumption seems to be that Doctors have more permissions

>than Nurses.  This is fine.  But both Doctors and Nurses always seem

>to have access to all the records in the hospital.  I want to be able

>to restrict their access to the records of patients specifically

>assigned to them.

>

>Also, I'd like to be able to grant access to personnel data on

>employees, to the employee's supervisor, and also to his supervisor's

>supervisor, all the way up the chain, but not to anyone outside the

>chain.  This appears to be partly a role issue, since supervisors can

>only see certain data, but it is also beyond roles, because the

>question is "who is supervisor of who?," and it gets worse when you

>want to add supervisor's supervisor, etc.

>

>So...I'm not looking for solutions (unless you happen to have one

>handy).  But an assessment of whether these things are even possible

>and an explanation of where to start looking to tackle this kind of

>thing would be appreciated.

>

>Thanks,

>

>Craig





Both are examples of Row Level Security, also known as Fine Grained
Access control.


In Oracle you can deal with this by setting up various policies
controlling access, the policies are sql statements to be added
transparently to sql statements in the application.
Available from Oracle 8i, in 8i in Enterprise Edition only.



--
Sybrand Bakker, Senior Oracle DBA


Received on Mon Oct 04 2004 - 06:25:25 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US